From 2a65dd41d4870499cc0ce7e3fc6200a29bf2f7ee Mon Sep 17 00:00:00 2001 From: Sam Date: Thu, 18 Apr 2013 10:04:42 +1000 Subject: [PATCH] some safety --- lib/oneboxer/discourse_local_onebox.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/oneboxer/discourse_local_onebox.rb b/lib/oneboxer/discourse_local_onebox.rb index 5fd7b2c694d..970f0d5aa90 100644 --- a/lib/oneboxer/discourse_local_onebox.rb +++ b/lib/oneboxer/discourse_local_onebox.rb @@ -19,6 +19,8 @@ module Oneboxer case route[:controller] when 'users' user = User.where(username_lower: route[:username].downcase).first + return nil unless user + Guardian.new.ensure_can_see!(user) args.merge! avatar: PrettyText.avatar_img(user.username, 'tiny'), username: user.username @@ -29,6 +31,8 @@ module Oneboxer if route[:post_number].present? && route[:post_number].to_i > 1 # Post Link post = Post.where(topic_id: route[:topic_id], post_number: route[:post_number].to_i).first + return nil unless post + Guardian.new.ensure_can_see!(post) topic = post.topic @@ -46,8 +50,10 @@ module Oneboxer else # Topic Link topic = Topic.where(id: route[:topic_id].to_i).includes(:user).first + return nil unless topic + + Guardian.new.ensure_can_see!(topic) post = topic.posts.first - Guardian.new(nil).ensure_can_see!(topic) posters = topic.posters_summary.map do |p| {username: p[:user][:username],
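Review bot: The new `return nil unless user` guard makes a missing record yield no onebox, but a record that exists and is not visible still raises out of `Guardian.new.ensure_can_see!(user)`, so the two cases behave differently; the same pattern is repeated for `post` and `topic` in the two later hunks. For a link preview both cases should probably end the same way, e.g. `return nil unless user && Guardian.new.can_see?(user)`, which also keeps a hidden record indistinguishable from an absent one. Whether the enclosing method rescues the access error cannot be seen here, since its body starts and ends outside the hunks. Separately, `route[:username].downcase` on the context line above still raises if a recognised users route carries no `:username`.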
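Review bot: Replacing `Guardian.new(nil)` with `Guardian.new` in the topic branch drops the one visible hint that this check is deliberately made with no user. A short comment above the call would keep that intent readable, for example `# checked as an anonymous viewer: the rendered onebox is not per-reader` (wording to be confirmed against how the cooked output is stored and shown). The same comment could state that the check must stay ahead of `topic.posts.first`, so a later edit does not move the load back in front of it.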